ONC has launched a challenge for developers, designers and health data privacy experts to create an online model privacy notice generator for health IT products that will encourage transparency and help consumers make informed choices.
The first place winner of the challenge will receive $20,000. The second and third place winners will receive $10,000 and $5,000, respectively.
The general requirements for the challenge are:
- The submission cannot use HHS or ONC logos.
- The submission must function as expressed in its description and must contain accurate and complete information.
- The submission must be free of malware, and is subject to ONC testing.
While the design of the notices is up to the submitter, the notice cannot be a static document, such as a PDF. However, the notice can be interactive and include visuals.
ONC is accepting submissions until April 10, 2017. Winners will be announced mid-2017.
The Office of the National Coordinator for Health Information Technology has released its 2017 Interoperability Standards Advisory, which expands its focus on health research interoperability, after compiling roughly six months of public feedback on the document.
The purpose of the ISA is to provide a single, public list of standards and implementation specifications that best address the needs of clinical health information interoperability. The ISA’s current focus is on information interoperability between entities, instead of users within an organization. It is also intended to inform standards and specifications, not just for electronic health records (EHR), but all forms of health IT that support interoperability needs.
Some of the updates to the ISA include:
- Discontinuing the “best available” label, as the term does not provide a specific pathway for industry input. The Health IT Standards Committee discontinued the label based on feedback that stakeholders may have different perceptions about what constitutes a “best available” interoperability standard or specification.
- Releasing a static “Reference Edition” every December that can be cited in contracts, agreements or as needed. The web-based version will be updated frequently to reflect real-time updates to interoperability standards and specifications.
- Further moving the ISA toward a web-based, interactive resource that provides transparency and encourages greater stakeholder engagement
The 2017 update also provides patient-specific assessments and recommendations based on patient data for clinical decision support, and adds remote patient monitoring for chronic condition management, as well as patient education and engagement.
In a statement released earlier this week, ONC national coordinator Vindell Washington, M.D., said, “The ISA is a key step toward achieving the goals we have outlined with our public and private sector partners in the Shared Nationwide Interoperability Roadmap, as well as the Interoperability Pledge announced earlier this year.”
The Interoperability Pledge consists of three commitments:
- Empowering patients through electronic access to health records
- Eliminating roadblocks that stand in the way of health information exchange
- Implementing national interoperability standards for EHRs
To date, companies that provide 90% of EHRs used by hospitals have taken the interoperability pledge.
Robotic process automation (RPA), a software with artificial intelligence and machine learning capabilities that essentially automates other software, has already begun to make its way into the healthcare space and it seems the use of this technology will only continue to grow in healthcare.
The RPA market is projected to reach $8.75 billion by 2024, according to a press release. RPA is already beginning to take hold in healthcare especially when it comes to processing claims and automating administrative tasks.
One health IT expert discussed the potential use cases for RPA in healthcare with SearchHealthIT. He said the main use case he sees for RPA in healthcare is when it comes to revenue cycle management and he believes RPA can provide comparative looks at medical records — analysis of the differences in medical records and analysis of what those differences are — as well.
The expert also said that RPA can be helpful in healthcare when it comes to keeping up with the licensure and certification of clinicians and ensuring they are up to date.
In addition to healthcare, the financial industry, and telecom/IT industries are all embracing this technology as well. The release said this is because these industries all handle large volumes of data entry and switching among various applications.
“Healthcare accounted for over 11% market share in 2015,” the release said. “RPA solutions are increasingly adopted in the healthcare industry as the sector requires labor-intensive activities and demands on patient rules along with ever increasing amount of data processing.”
One key player when it comes to RPA is Blue Prism, the release said. And Blue Prism has already made its way into the healthcare space.
Health data and patients’ electronic access to their own health information are real, personal issues, not just the stuff of health IT government and vendor debate.
Some 94% of respondents in a new nationwide survey of 1,000 patients sponsored by Surescripts, the national pharmacy IT network, said their medical information and records should be stored electronically in a single location, particularly for planned doctor appointments.
Look at a slideshow on the report here.
Also, 55% of those surveyed think health data sharing could both save lives and reduce healthcare costs over the next decade, the study, conducted with the Kelton Global research firm, found.
The Surescripts annual Connected Care and the Patient Experience survey came up with quite a few seemingly counter-intuitive findings, among them that Americans would like to share more general information about their health.
Most of the surveyed patients (77%) said they’d be willing to share their physiological health information. Another 69% reported they’d share their health insurance information. And 51% even indicated they’d share behavioral and mental health records.
These findings are somewhat surprising because recent big health data breaches have purportedly made many people skittish about sharing their personal information. In reality, sharing that stuff can usually get you better care, even in the behavioral and mental health realms, many patient activists and forward-looking clinicians say.
In the meantime, Surescripts, which is known, among other things, for its electronic prescribing systems, is – likely not coincidentally – promoting the National Record Locator Service health data sharing system it launched earlier in 2016.
The service has received more than 4.5 million requests for patient locations and returned more than 890,000 locations of care summaries, including more than 15 million visit locations for care delivered by 109,000 providers, according to a Dec. 14, 2016 Surescripts release.
The survey’s most notable insights, the release said, are that patients:
- “Overwhelmingly want their medical information electronically stored in a central location and easily accessed and shared
- Are increasingly dissatisfied with the amount of time and effort they’re spending on recounting medical information and waiting in doctors’ offices or pharmacies
- Increasingly prefer and expect new and innovative ways to receive care and get prescriptions.”
Other interesting, and totally understandable, findings:
Fifty percent of the survey group agreed that renewing a driver’s license would require less paperwork than seeing a physician for the first time, and 57% said they would be just as likely to be frustrated filling out paperwork at a doctor’s office as they would be buying a new car.
Cognitive computing may be the next big advance in health IT security. According to a recent study from the IBM Institute for Business Value, nearly 60% of security professionals say cognitive technologies will be crucial to battling cybercrime.
Organizations from across many industries—including healthcare—are participating in the IBM Watson for Cyber Security beta program, according to a release. One healthcare organization that will be participating is the University of Rochester Medical Center (URMC) in New York.
The release said that the Watson cybersecurity system uses intelligent technologies like machine learning and natural language processing that can help security analysts make better and faster decisions using vast amounts of data.
“Customers are in the early stages of implementing cognitive security technologies,” Sandy Bird, chief technology officer for IBM Security, said in the release. “Our research suggests this adoption will increase threefold over the next three years, as tools like Watson for Cyber Security mature and become pervasive in security operations centers.”
The organizations now participating in the beta program—including URMC —are using Watson in their environment to bring more context to their cybersecurity data, the release said.
Some new use cases for cognitive computing and cybersecurity, according to the release, include:
- “Determining whether or not a current security ‘offense’ is associated with a known malware or cybercrime campaign; if so, Watson can provide background on the malware employed, vulnerabilities exploited and scope of the threat, among other insights
- “Better identifying suspicious behavior; Watson provides additional context to user activity outside of the primary suspicious behavior, which can provide better guidance to whether or not an activity is malicious.”
Cybersecurity is at the forefront of healthcare CIOs’ and health IT professionals’ agendas as ransomware attacks have been ramping up and have increased 300% from 2015 in early 2016 alone, according to a U.S. Government Interagency report.
The U.S. Senate passed the 21st Century Cures Act on Dec. 6, legislation that has some important implications for health IT including providing funding to initiatives started by President Barack Obama in which health IT plays a major role, interoperability and data blocking, and FDA approval of medical devices.
The Cures Act invests $1.8 billion in Vice President Joe Biden’s project with the National Cancer Institute to transform cancer research, the Cancer Moonshot, which includes the use of health IT, according to a White House release.
The Cures Act also earmarks nearly $3 billion to continue Obama’s BRAIN initiative (The Brain Research through Advancing Innovative Neurotechnologies).
The Brain Initiative aims to further understanding of the brain through the development and application of innovative technologies, including precision medicine and research on other new ways to treat disease, such as the use of genomics. Some political observers have said that all these efforts may be in doubt when the administration of president-elect Donald Trump takes over in 2017.
Interoperability and data blocking
The Cures Act also addresses interoperability and data blocking.
The legislation states that in order to be considered interoperable, technology must satisfy the following criteria:
- Secure transfer of all electronic health information
- Complete access to health information
- Ensure the technology is not set up to block information
The law establishes requirements for interoperability and the certification of health information technologies. It also further prohibits practices from discouraging the exchange of electronic health information.
FDA approval of medical devices
The Cures Act also speeds up and de-regulates the process for the FDA to approve certain medical devices. The Act says: “The FDA must identify types of medical devices that do not require submission of a report prior to commercial marketing.”
This provision has elicited criticism from some liberal Democrats.
The White House addressed these concerns in its release, stating: “Like all comprehensive legislation, the bill is not perfect, and there are provisions the Administration would prefer were improved, but the legislation offers advances in health that far outweigh these concerns.”
CHICAGO – Scott Seidelmann, founder and CEO of Candescent Health, a cloud medical imaging service vendor and sort of spin-off of cloud EHR vendor athenahealth, Inc., got off a plane and headed straight to the show floor of RSNA 2016.
It was Tuesday, the second day of the 102nd Scientific Assembly and Annual Meeting of the Radiological Society of North America, held as usual at the vast McCormick Place convention center, the nation’s largest. The event attracted some 52,000 people this year.
This venerable mega-conference both delights radiology and imaging practitioners and vendors because of its all-encompassing range of technologies and ideas and annoys attendees because many must travel the Sunday after Thanksgiving or set up during Thanksgiving week itself.
What struck the Candescent exec most when he stepped onto the show floor was how few cloud PACS (picture archiving and communications systems) and VNA (vendor neutral archives) purveyors have adopted the cloud and its advantages of agility, economy of scale, instant updating and affordability.
“You could walk around this conference for almost any other industry and it’s going to look and feel completely different, whether it’s financials or HR or CRM, everybody’s moved to cloud-based systems,” Seidelmann told me at RSNA 2016.
“They don’t want the servers in their basements, they don’t want the IT people maintaining them, they don’t want the license fees, the service fees,” he said. “Healthcare, more broadly speaking, just hasn’t done that.”
As for radiology, the core medical imaging discipline that Candescent focuses on, Seidelmann acknowledged that its modalities – the advanced machines needed to produce MRI, CT scan, ultrasound, X-ray and other healthcare images – still are hardware devices that have to be kept on premises.
He also recognized that many healthcare providers have moved to hybrid cloud image storage systems, whether PACS or VNAs, with one copy of images stored on-site and backup copies in clouds owned and operated by big cloud service providers such as Dell.
(Dell, by the way, recently split into Dell EMC, a division of Dell Technologies, and Japanese-owned NTT Data Services, which is essentially the old Dell Services, after the old Dell sold its services division for $3 billion and at the same time bought EMC for about $67 billion. Got that? Both new entities were on hand at RSNA 2016).
“Why don’t we move the entire system in that direction?” Seidelmann said, referring to the cloud. “Why don’t we just have a usage-based system that leverages the economies of scale of Amazon or Google or Microsoft Azure that are going to get to unit costs from a storage perspective that are infinitely lower?”
In other words, a way of doing things that is akin to Candescent’s business and technology model.
Seidelmann’s company’s modus operandi is to offer smaller hospitals and radiology clinics a kind of plug-in radiology service that uses the cloud to deliver a SaaS radiology routing and analytics system and complements that with a human-staffed help or traffic control desk.
I should note here that the point Seidelmann argued in the interview with SearchHealthIT jibes pretty well with what a neutral observer of the RSNA 2016 floor might observe, but that many vendors also were offering cloud systems or appearing to be heading toward the cloud.
Due to the ever-changing regulatory landscape and the focus on managing the health of populations, IT vendors have taken several different approaches when it comes to population health management technology platforms, according to an article by the Cincinnati Business Courier.
Even EHR vendors are developing their own population health management modules and although some IT vendors are creating EHR agnostic population health management technologies, others have created niche solutions, the article said, which complicates the others have created niche solutions that complicate the flow and sharing of data, the article said.
Here are some population health management technology issues that create barriers to population health management and that healthcare organizations should keep in mind:
Workflow with the EHR
Many population health management technologies in the market today exist as separate modules outside the EHR. This often results in a disjointed workflow because it requires a second sign-on and a different user interface, the article said. It also often impedes training and slows adoption efforts within the organization.
Lack of standardization of health data
In healthcare, data that is aggregated across different systems often is not standardized and the vocabulary and formulas for calculation are also different, the article said. Therefore, the same data elements don’t mean the same thing in many cases.
Although there have been government mandates to free health data and stop data blocking, it still happens. Vendors, health information exchanges, healthcare organizations and individual providers all claim ownership of data, the article said. This means that liberating this data will be cumbersome and costly.
Inaccurate patient matching
Matching patient information accurately and efficiently while reducing the creation of duplicate records is a technological challenge that health IT experts have been trying to solve for a while. Solving this problem becomes even more important when exchanging data between different systems while managing a patient population that spans a care network greater than a single healthcare organization, the article said.
Multiple patient portals
Patients should be able to access their health records through a single point of access. However, that is not the case today because different systems and EHRs all have their own patient portal, the article said. For example, there may be a separate portal for primary care, inpatient and billing which creates a confusing interface for patients.
Evolving telemedicine strategies
Telemedicine is still being defined in healthcare and several key points need to be identified first, according to the article:
- Supported services;
- Scheduling of and access to care provider services;
- Technical infrastructure requirements; and
- Reimbursement models for virtual consultants.
Should a healthcare organization want to implement a truly successful population health management program, these challenges will need to be overcome.
The number of health data breaches decreased for the second month in a row following a summer that saw a record number of breaches, according to the Protenus Breach Barometer.
Of the 35 data breaches in October, 40% were caused by hacking, malware or ransomware and affected 664,549 patient records. Four of the incidents specifically involve ransomware, and two involved ransom or extortion, but not ransomware.
The two hacking incidents that involved ransom demands were attributed to TheDarkOverLord, a hacker who previously posted nearly 10 million patient records for sale on the dark web market.
Healthcare providers reported 29 of the health data breach incidents and health plans reported two incidents. Business associates or vendors reported three health data breaches. Healthcare organizations should review the reporting rules and procedures in their business associate agreements to ensure that a breach is handled quickly and efficiently if one occurs.
October’s health data breaches brings the total for 2016 up to 305 reported incidents so far.
The price for medical records has dropped
The influx of stolen medical records appears to have a direct effect on the price of these records on the dark web market.
James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT) said the price drop is due to “exceeding supply, stagnant demand and increased law enforcement attention” that makes it harder for cybercriminals to make money selling partial medical records.
A recent study conducted by ICIT and the cybersecurity firms Intel Security and Flashpoint found that the price for stolen medical records has dropped from $50 to $100 to about $20 to $40.
Despite the dip in breaches and the price drop, healthcare organizations should still take care to prevent future incidents by monitoring internal systems for unusual data transfers and implementing strong password policies on devices that store protected health information. It also remains to be seen how the decrease in health data breaches will affect the behavior of cybercriminals who target the healthcare industry.
Although EHR use is up, more work needs to be done on interoperability.
ONC urged both the public and private sectors to work together to drive interoperability and make sure electronic health information is able to flow seamlessly through easy-to-use technology systems that present actionable information at the point of care.
ONC recommended three key actions in the report:
ONC said it has already taken action on this front by publishing the Interoperability Standards Advisory, a single resource that lists federally recognized and national interoperability standards and guidance.
ONC said it has also launched a three-part strategy to help connect and accelerate a FHIR (Fast Health Interoperability Resources) ecosystem to spur the development of software apps for consumers and healthcare providers
“The strategy seeks to leverage the growing interest in an industry-wide approach to open, standardized APIs,” ONC said in the report.
This strategy’s goals are, ONC said:
- Help consumers get and use their data
- Improve user-experience and utility for individuals and clinicians
- Coordinate open information with EHR app solutions.
Build a business case for interoperability
ONC said in the report that the shift from fee for service to value-based care is key to building a business case and providing incentives that will drive demand for interoperability. ONC added that while Medicaid EHR Incentive Programs are often the primary motivator for the adoption of EHR technology, those programs alone are not enough to overcome barriers to interoperability.
In this arena, these steps are imperative, ONC said:
- Shift to value-based care
- Support healthcare providers in using health IT
- Medicaid—a government healthcare program for Americans of all ages– funding to advance the flow of electronic health information
Provide more access to health information
ONC suggests in the report that changing the culture around access to information can be done by:
- Supporting the rights of patients to obtain and control their data
- Expose and discourage information blocking
- Promote transparency and competition
- Enhance the safety, reliability and accountability of certified health IT